SecSign ID Plugin: WordPress

2016-11-17 5 minutes to read

Use SecSign ID two-factor authentication on your WordPress site for an easy and highly secure user login from iOS or Android mobile devices or from the desktop.

SecSign ID is a plugin for real two-factor authentication (2FA) for WordPress sites. 2FA adds another layer of security to your website by using a second token. In this case the physical token is your smartphone. If you need more information about two-factor authentication, have a look at the WordPress Plugin Page or our GitHub site.

Overview

Overview and Integration

Introducing SecSign ID for WordPress logins.

Installation

Install the plugin

Prerequisites

In order to use our WordPress two factor authentication plugin, log into WordPress as admin and click on “Plugins” in the main menu to open the Plugins screen.

Click on “Add New” in the submenu under Plugins. Search for “SecSign” and click “Install Now” or click on “Upload” and select the downloaded zip archive.

Activation

Activate 2FA

  1. Log into WordPress as admin and click on “Plugins” in the main menu to open the Plugins screen. Then find “SecSign ID Login” in your list of Plugins.
  2. Click “Activate” under “SecSign ID Login”.
  3. Click “Appearance” in the main menu and then click on “Widgets” in the submenu.
  4. Drag and drop the “SecSign ID Login” widget to the desired destination, for example the “Main Sidebar”

User Configuration

Configure 2FA for your users

  1. Log into WordPress as a user and go to your profile page.
  2. Assign a SecSign ID to your profile to allow SecSign ID WordPress two factor authentication.
  3. Optionally, you can simply sign in with your SecSign ID. You will then be shown a dialog where you can create a new user or assign your SecSign ID to an existing WordPress user. In order to do this, the two options for Fast Registration need to be activated (see Plugin Settings).

Plugin Settings

Log into WordPress as an administrator and click on “SecSign ID Login” in the main menu. You will find the following settings:

  • Service Name: The name of this web site as it shall be displayed on the user’s smartphone.
  • Plugin Layout: Choose whether the frontend login form shall be displayed with padding and a shadow or not.
  • Show SecSign ID login form on wp-login.php Page? Check this if you want to show the SecSign ID WordPress two factor authentication on the WordPress login page.
    It is strongly recommended to enable the SecSign login, because otherwise users with deactivated password logins won’t be able to log in anymore. See Troubleshooting.

The following block is divided into WordPress roles.

  • In the upper half, you see all administrators, editors, authors and contributors. It is recommended to deactivate the password logins except for the main administrator or users without a smartphone.
    • In many cases, it takes only one weak password to cause a breach in the security system of the whole enterprise.
    • The main administrator and all users without a smartphone are advised to choose a strong password (unique, min. 14 letters with capitals, numbers and special characters, no words).
  • You find the subscribers in the lower section. When Fast Registration is activated, you will find all newly registered users in this area.
    • These users do not have authorization to change anything except their own profile.
    • If you choose to grant more rights to a user, click on “Users – All Users” in the main menu, choose the user and select under “Role” the desired WordPress role.

Fast Registration: So that you do not have to create new user accounts yourself, you can allow your co-workers or web site users to create user accounts themselves by logging in with their SecSign ID via wp-login.php or the login widget. You can allow them to create a new WordPress user or assign an existing one. After they have created a WordPress account, you can assign WordPress roles to your co-workers via the user administration.

  • Allow SecSign ID users to create a new WordPress user when logging in?
    The user can create a new subscriber account after a successful login via SecSign ID. The user just needs to provide a new username.
  • Allow SecSign ID users to assign an existing WordPress user when logging in?
    The user can assign his SecSign ID to his existing WordPress account after a successful login via SecSign ID. The user needs to provide his WordPress username and password. The user will be logged out after 5 unsuccessful logins.
  • If both options are disabled and an unknown user tries to log in via SecSign ID WordPress two factor authentication, an error will be thrown.

Troubleshooting

You get the following warning:

You disabled the option “Show SecSign ID login on the WordPress login page.” and also deactivated Password Login for 2 users.

These users are not able to log into the WordPress admin panel anymore. For more Information visit secsign.com/wordpress-tutorial.

Several settings interfere with each other.

To fix this error, activate “Show SecSign ID login form on wp-login.php Page?” on the SecSign ID settings page. Alternatively, grant all users password login (not recommended).

If you enabled the SecSign ID backend login and locked yourself out, follow these steps to disable the SecSign ID WordPress two factor authentication backend login:

  1. Open your WordPress directory via (S)FTP and rename the folder wp-content/plugins/secsign to secsign1.
  2. Reload the backend login page and log in with your WordPress username and password.
    Important: Immediately rename the folder back to secsign.
  3. The SecSign ID WordPress two factor authentication Plugin is now deactivated. Click on “Plugins” in the main menu, look for “SecSign ID Login” and activate it.
  4. Adjust the options in the SecSign ID settings (see Plugin Settings).
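
The same rename-based recovery as shell functions, for hosts where you have SSH access rather than (S)FTP. This is an added example, not part of the plugin or the original tutorial; the WordPress root directory passed as the first argument is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: folder names come from the steps above; "$1" is the
# WordPress root directory (assumption: you supply the correct path).

# Step 1: move the plugin folder aside so WordPress stops loading it.
secsign_disable() {
    plugins="$1/wp-content/plugins"
    [ -d "$plugins/secsign" ] || { echo "no secsign folder in $plugins" >&2; return 1; }
    # Refuse to overwrite a leftover from an earlier recovery attempt.
    [ ! -e "$plugins/secsign1" ] || { echo "secsign1 already exists" >&2; return 2; }
    mv "$plugins/secsign" "$plugins/secsign1"
}

# Step 2 ("Important"): rename the folder back right after the password login.
secsign_restore() {
    plugins="$1/wp-content/plugins"
    [ -d "$plugins/secsign1" ] || { echo "nothing to restore" >&2; return 1; }
    [ ! -e "$plugins/secsign" ] || { echo "secsign already present" >&2; return 2; }
    mv "$plugins/secsign1" "$plugins/secsign"
}

# Reports where the folder currently is: present, renamed, conflict or missing.
# "present" only describes the folder; the plugin still has to be activated
# again in the WordPress admin (step 3).
secsign_state() {
    plugins="$1/wp-content/plugins"
    if [ -d "$plugins/secsign" ] && [ -e "$plugins/secsign1" ]; then echo conflict
    elif [ -d "$plugins/secsign" ]; then echo present
    elif [ -d "$plugins/secsign1" ]; then echo renamed
    else echo missing
    fi
}
```

Run `secsign_state` before and after each step; a result of `renamed` after you have logged in means the folder has not yet been renamed back, and `conflict` means both folders exist and need manual cleanup.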

Your own ID-Server

On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.
